Category FILE
Started On 2016-11-03 00:17:02.966234
Completed On 2016-11-03 00:19:15.527300
Duration 132 seconds
Cuckoo Version 2.0-dev

Machine win-xp-sp3
Label win-xp-sp3
Manager VirtualBox
Started On 2016-11-03 00:17:03
Shutdown On 2016-11-03 00:19:15

File Details

File name APT_military procurement.pdf
File size 91010 bytes
File type PDF document, version 1.7
CRC32 51488613
MD5 cdb6dcf66b7d3c5bc678378f46ba94e7
SHA1 401a52e081313eccba1d29383b52b26c5e438a9d
SHA256 f9203c812fd4668ceff53001fab6d79e61a5e6938125a30e69aca5d2ce6e1a8e
SHA512 10de5d17e173ea0e46dbc9da09a2233cb1c75cde88169545a635def8b70c693425742f7907c0a7a1a70a52e24a8b56b2d73c8cfe44ed52dbeef773408d0f77dd
Ssdeep 1536:40AOB3HN+RNlmABHf9t/ogOXCrg+NZaN9m1Pp6gMBg+NZKSp:40zb+vYABFxDOXCrlNENcANMq
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2015-12-17 11:29:17
Detection Rate: 32/53

Signatures

No signatures matched

Screenshots

Static Analysis

Strings

Dropped Files

1233705b8e83d408_aum.log

2d562790a4ab37ed_a9r8013.tmp

0a84bb9fa5c3aa10_adobeupdaterprefs.dat

3295328e4dc21218_AdobeMissingComps.xml_

2734c91d590c012c_shareddataevents

4d7f480cf854fe56_acecache10.lst

36de7efc0bfd1ca5_a9r8012.tmp

468d364bf1f8954a_updater.log

a479dd2807cb9817_ArmUI.ini

2a2e0ba33d793244_usercache.bin

d2f8b9a28940b9a5_adobearm.log

226d1c9926375880_d3d9caps.dat

0b9a8988ac1040d3_AdobeMissingComps.xml

47f1892c02460c80_aumlib.log

Network Analysis

Nothing to display.

Behavior Summary

File-Read
  • C:\Documents and Settings\ardi\Local Settings\Temp\ArmUI.ini
  • \\?\PIPE\lsarpc
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml
  • C:\Documents and Settings\All Users\Application Data\Adobe\Updater6\AdobeESDGlobalApps.xml
File-Written
  • C:\Documents and Settings\ardi\Local Settings\Temp\ArmUI.ini
  • \\?\pipe\32B6B37A-4A7D-4e00-95F2-6F0BF3DE3E009524054672thsnYaVieBoda
  • C:\Documents and Settings\ardi\Local Settings\Temp\AdobeARM.log
  • \\?\PIPE\lsarpc
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml_
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\aum.log
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeUpdaterPrefs.dat
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml
  • C:\WINDOWS\system32\d3d9caps.dat
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Updater\updater.log
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin
  • C:\Documents and Settings\ardi\Local Settings\Temp\A9R8012.tmp
  • \\?\PIPE\lsarpc
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml_
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Color\ACECache10.lst
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\SharedDataEvents
  • C:\WINDOWS\system32\d3d9caps.tmp
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\aumLib.log
  • C:\Documents and Settings\ardi\Local Settings\Temp\A9R8013.tmp
File-Deleted
  • C:\Documents and Settings\ardi\Local Settings\Temp\ArmUI.ini
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml.0
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml_
File-Opened
  • C:\Documents and Settings\ardi\Local Settings\Temp\ArmUI.ini
  • \\?\pipe\32B6B37A-4A7D-4e00-95F2-6F0BF3DE3E009524054672thsnYaVieBoda
  • C:\Documents and Settings\ardi\Local Settings\Temp\AdobeARM.log
  • C:\
  • \\?\PIPE\lsarpc
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml
  • C:\Documents and Settings\All Users\Application Data\Adobe\Updater6
  • C:\Documents and Settings\All Users\Application Data\Adobe\Updater6\AdobeESDGlobalApps.xml
  • C:\Documents and Settings\All Users\Application Data\Adobe\
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeUpdaterPrefs.dat
  • C:\Documents and Settings\All Users\Application Data\Adobe\Updater6\
  • C:\Documents and Settings\All Users\Application Data\Adobe\Updater6
  • C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\9.0\
  • C:\
  • C:\Documents and Settings\ardi\Application Data\
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf
  • C:\Documents and Settings\ardi\Application Data\Adobe\Flash Player\AssetCache\
  • C:\Program Files\Adobe\Reader 9.0\Resource\
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\SendMail.api
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf
  • C:\WINDOWS\Web\wallpaper\Bliss.bmp
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM
  • C:\Documents and Settings\All Users\Application Data\Adobe\Updater6\
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB
  • C:\WINDOWS\system32\wininet.dll
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf
  • C:\WINDOWS\system32\urlmon.dll
  • C:\Program Files\Adobe\Reader 9.0\Resource\CMap\
  • C:\WINDOWS\system32\d3d9caps.tmp
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\
  • C:\Program Files\
  • C:\Documents and Settings\All Users\Application Data\desktop.ini
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\Forms\
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Search5.api
  • C:\Documents and Settings\All Users\Application Data\Adobe\
  • C:\Documents and Settings\ardi\Application Data\Adobe\Flash Player\
  • C:\WINDOWS\system32\VBoxDisp.dll
  • C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\9.0\Replicate\
  • C:\WINDOWS\system32\Macromed\Flash\
  • C:\WINDOWS\system32\wdmaud.drv
  • C:\WINDOWS\system32\spool\drivers\color\is330.icm
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\PPKLite.api
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Updater.api
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Search.api
  • C:\WINDOWS\system32\rpcss.dll
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf
  • C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.sig
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\
  • C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf
  • C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Checkers.api
  • C:\Program Files\Common Files\Adobe\
  • C:\Documents and Settings\ardi\Application Data\desktop.ini
  • C:\Documents and Settings\ardi\Local Settings\Temp\APT_military procurement.pdf
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Updater\updater.log
  • C:\Program Files\Adobe\Reader 9.0\Reader\JavaScripts\
  • C:\Documents and Settings\ardi\Local Settings\Application Data\
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Spelling.api
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\IA32.api
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\Collab\
  • C:\Program Files\Common Files\Adobe\ARM\1.0\
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\HLS.api
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\aumLib.log
  • C:\Documents and Settings\ardi\Local Settings\Temp\
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\
  • C:\WINDOWS\system32
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\reflow.api
  • C:\Program Files\Adobe\Reader 9.0\Resource\CMap
  • C:\WINDOWS\system32\rsaenh.dll
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Multimedia.api
  • C:\WINDOWS\system32\spool\drivers\color\kodak_dc.icm
  • C:\Program Files\Common Files\
  • C:\WINDOWS\
  • C:\Program Files\Adobe\Reader 9.0\Reader\JavaScripts\JSByteCodeWin.bin
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\DVA.api
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml_
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\SharedDataEvents
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf
  • C:\Documents and Settings\ardi\
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.api
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\
  • C:\Documents and Settings\ardi\Local Settings\Temp
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font
  • C:\WINDOWS\system32\spool\drivers\color\sRGB Color Space Profile.icm
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\ReadOutLoud.api
  • C:\Documents and Settings\ardi\Local Settings\Temp\A9R8013.tmp
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\DigSig.api
  • C:\Documents and Settings\All Users\Application Data\Adobe\Updater6\AdobeESDGlobalApps.xml
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins3d\
  • C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V
  • C:\WINDOWS\system32\spool\drivers\color\
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\PDDom.api
  • \\?\PIPE\lsarpc
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\adobepdf.xdc
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\MakeAccessible.api
  • C:\WINDOWS\system32\d3d9caps.dat
  • C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\eBook.api
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\SaveAsRTF.api
  • C:\Documents and Settings\
  • C:\Documents and Settings\ardi\Local Settings\Temp\A9R8012.tmp
  • C:\Program Files\Common Files\Adobe\Updater6\
  • C:\Documents and Settings\ardi\Application Data\Adobe\
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\EScript.api
  • C:\Documents and Settings\All Users\
  • C:\Documents and Settings\ardi\Local Settings\
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml
  • C:\Program Files\Adobe\Reader 9.0\Reader\
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\weblink.api
File-Copied
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml_ -> C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml -> C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml.0
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml.0 -> C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\AdobeMissingComps.xml_
Directory-Created
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\ESD
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Updater6\Data
Directory-Enumerated
  • C:\Documents and Settings
  • C:\Documents and Settings\ardi\Local Settings
  • C:\Documents and Settings\ardi\Local Settings\Temp
  • C:\Documents and Settings\ardi
  • C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
Registry Key-Opened
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1645522239-1935655697-854245398-1003\Installer\UpgradeCodes\68AB67CA000000007716E7A854000000
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\68AB67CA7DA73301B7449A0500000010
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\PagedBuffers
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockdown
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdobeARM.exe\RpcThreadPoolThrottle
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1645522239-1935655697-854245398-1003\Installer\UpgradeCodes\68AB67CA000000007706E7A854000000
  • HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\68AB67CA000000007716E7A854000000
  • HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\9.0\Language\current
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1645522239-1935655697-854245398-1003\Installer\Products\68AB67CA7DA73301B7449A0500000010
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\UpgradeCodes\66EDAE6A0000000084E4E7A854000000
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\UpgradeCodes\68AB67CA000000007716E7A854000000
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1645522239-1935655697-854245398-1003\Installer\UpgradeCodes\66EDAE6A0000000084E4E7A854000000
  • HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\66EDAE6A0000000084E4E7A854000000
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B7449A0500000010\InstallProperties
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\UpgradeCodes\68AB67CA00000000ABE7E7A854000000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Adobe ARM\1.0\ARM
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1645522239-1935655697-854245398-1003\Installer\UpgradeCodes\68AB67CA00000000ABE7E7A854000000
  • HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\68AB67CA000000007706E7A854000000
  • HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe ARM\1.0\ARM
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\UpgradeCodes\68AB67CA000000007706E7A854000000
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
  • HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\68AB67CA00000000ABE7E7A854000000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0\Installer
  • HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA73301B7449A0500000010
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0\AdobeViewer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{450D8FBA-AD25-11D0-98A8-0800361B1103}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\Adobe_Updater.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Updater
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
  • HKEY_CLASSES_ROOT\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_LOCAL_MACHINE\System
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP
Registry Key-Deleted
  • HKEY_CURRENT_USER\Software\Adobe\Adobe ARM\1.0\ARM\iNotify
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B7449A0500000010\InstallProperties\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\MaxRpcSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableLUAPatching
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Language\current\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\Debug
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B7449A0500000010\Language
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableUserInstalls
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B7449A0500000010\AuthorizedLUAApp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B7449A0500000010\InstallProperties\VersionMajor
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B7449A0500000010\InstallProperties\DisplayVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0\AdobeViewer\EULA
  • HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0\Installer\Path
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B7449A0500000010\InstallProperties\VersionMinor
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetConnectDisconnect
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisablePatch
  • HKEY_CURRENT_USER\Software\Adobe\Adobe ARM\1.0\ARM\tLastT_Reader
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\bUpdater
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage\Bind
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\WantsFORPARSING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\ShellFolder\Attributes
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisablePatch
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldap\LdapClientIntegrity
Mutex-Accessed
  • k4MZXm/abW9MoMnrUNTWcg==
  • 1wRmm2ZiwBb4Eb1yK8kugA==
  • 92VoCgi0A5a/jAX0YkIBcA==
  • 2AC1A572DB6944B0A65C38C4140AF2F453c006253D0
  • æ‘æ‰¯å•¥æ‘°ç‘¡ç‰¥6
  • wCFKEBnpoK7RE5GfO+M6uA==

Processes

lsass.exe PID: 660, Parent PID: 536

AcroRd32.exe PID: 1892, Parent PID: 1860

Adobe_Updater.exe PID: 1340, Parent PID: 1892

AdobeARM.exe PID: 1460, Parent PID: 1892

Volatility

Nothing to display.